From 3f7da8a69b9ff7dbbdde2dcec2a8b284a67c4102 Mon Sep 17 00:00:00 2001
From: Vlad Stan <stan.v.vlad@gmail.com>
Date: Thu, 3 Nov 2022 15:15:09 +0200
Subject: [PATCH] fix: token validation

---
 lnbits/extensions/cashu/static/js/dhke.js           | 3 +++
 lnbits/extensions/cashu/templates/cashu/wallet.html | 2 +-
 lnbits/extensions/cashu/views_api.py                | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/lnbits/extensions/cashu/static/js/dhke.js b/lnbits/extensions/cashu/static/js/dhke.js
index 935bf6d47..9c7aee1b4 100644
--- a/lnbits/extensions/cashu/static/js/dhke.js
+++ b/lnbits/extensions/cashu/static/js/dhke.js
@@ -20,6 +20,9 @@ async function hashToCurve(secretMessage) {
 }
 
 async function step1Alice(secretMessage) {
+  // todo: document & validate `secretMessage` format
+  secretMessage = uint8ToBase64.encode(secretMessage)
+  secretMessage = new TextEncoder().encode(secretMessage);
   const Y = await hashToCurve(secretMessage)
   const rpk = nobleSecp256k1.utils.randomPrivateKey()
   const r = bytesToNumber(rpk)
diff --git a/lnbits/extensions/cashu/templates/cashu/wallet.html b/lnbits/extensions/cashu/templates/cashu/wallet.html
index 105c1e08e..26bc3d26c 100644
--- a/lnbits/extensions/cashu/templates/cashu/wallet.html
+++ b/lnbits/extensions/cashu/templates/cashu/wallet.html
@@ -1278,7 +1278,7 @@ page_container %}
         // }
         this.sendData.tokens = ''
         this.sendData.tokensBase64 = ''
-        console.log('### sendTokens', sendTokens)
+        // console.log('### sendTokens', sendTokens)
         // this.sendData.tokens = sendTokens.map((token, tokenIndex) => {
         //   return this.promiseToProof(
         //     token.promises[tokenIndex].amount,
diff --git a/lnbits/extensions/cashu/views_api.py b/lnbits/extensions/cashu/views_api.py
index 4d3e854c6..806347cbf 100644
--- a/lnbits/extensions/cashu/views_api.py
+++ b/lnbits/extensions/cashu/views_api.py
@@ -353,7 +353,7 @@ async def split(
         keyset = ledger.keysets.keysets[cashu.keyset_id]
         split_return = await ledger.split(proofs, amount, outputs, keyset)
     except Exception as exc:
-        HTTPException(
+        raise HTTPException(
             status_code=HTTPStatus.BAD_REQUEST,
             detail=str(exc),
         )